Adobe warns of critical Flash vulnerability

If you've got Adobe Flash Player installed, you'd do well to grab the latest version as the company warns of yet another serious security flaw in the product.

Adobe has released a critical patch for serious security vulnerabilities in its Flash Player software, warning that OS X and Windows users are under active attack.

The patches, which Adobe recommends should be installed on all systems with Flash Player across Windows, OS X, Android and Linux platforms, address vulnerabilities in the software that are being actively exploited in the wild by ne'er-do-wells intent on taking over computers for their own nefarious ends.

'Adobe is also aware of reports that [the vulnerability] is being exploited in the wild in attacks delivered via malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on the Macintosh platform, as well as attacks designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content,' the company admitted in its security bulletin on the matter.

The flaw can be exploited via a maliciously-crafted SWF file, either through the user's browser or embedded in files opened by other applications - as with the Word document example given by Adobe. When exploited, it allows the attacker full control over the client system using the privilege level of the affected user.

It's a serious flaw, but hardly the first: the ubiquity of Adobe Flash Player and its presence in most browsers, either as embedded code or as a plug-in module, make it a favourite of crackers and virus-spreaders across the world. A similar emergency patch was released in August last year, itself following multipleemergencypatches dating back to the launch of the software. That's not even getting into the issue of Adobe Acrobat or the company's free Adobe Reader packages, which havetheirowntroubledhistory.

Those who have Flash Player installed as a plug-in in their browser are advised to download and install the update as soon as possible, while users of Google Chrome and Microsoft Internet Explorer 10 will need to sit tight and wait for the companies to patch the built-in Flash Player code.

Originally Posted by ArcAngeLUninstall. It's time flash and java was no more. Html5 all the way.

There's no doubting the security cluster **** that is java and flash is up there too. But what happens when html 5 becomes equally ubiquitous. The security holes will probably start getting poked in it quite quickly too.

if your using Chrome or Opera (and soon firefox) you can enable "Click to play" (under settings > adv > Content) or "Load Plug-in Only on demand" (tools > Pref > ADV > content) , that puts an Play icon on where the flash or Java object norm is (an side affect it also stops most ads from showing if they lack an static ad backup) i got an Play icon at the bottom of this forum right now (floating ad frame)

Been saying for two years allready, that Flash and Java needs to go in favour of HTML5. Nobody really needs Flash and Java anyways, as you can do most of the stuff with pure HTML5 and CSS. The only reason for Flash still being around is the heavily used FLV.
Java is allready gone for the bigger part and only javascript is being used, but that doesn't require any PlugIns to begin with.

Hopefully youtube makes the transition to HTML5 sooner than later, as this will make Flash useless for the majority of users.

There are still a lot of web games around that use flash and/or java though those could be replaced by webgl. Though I agree for many people flash has become nothing more than an annoying ad delivery system.

To be fair, the rest of you smashing Flash with the negative 'Ban' style hammer, you must remember 5-8 years ago it was a great piece of software that was used for a lot of things and we didnt exactly hate it then. If anything HTML5 is grown from the advantages of flash and java alike (in a way). And lets face it something that was used in a lot of applications and webpages is bound to be exploited at some point like EVERYTHING thats connected to the internet. HTML5 is not going to pretend like Mac and Apple nerds incorperated that they are invincible to flaws, viruses, exploits etc. As Humans and as everything above is designed by humans nothing is perfect from or by us. The fact they have addressed it is something rather than this being found 12 months later or something done about it at a far later date.

Please do NOT flash in this weather as you will be left vulnerable due to the icy conditions, speaking as a professional flasher ( I was going to retire but thought I'd stick it out a while longer ) I know what I'm talking about.